Bug#863584: CVE-2017-2824

2017-06-09 Thread Moritz Mühlenhoff 
On Fri, Jun 02, 2017 at 07:22:20AM +1000, Dmitry Smirnov wrote:
> On Wednesday, 31 May 2017 10:57:01 PM AEST Moritz Mühlenhoff wrote:
> > Dmitry, can you please upload a fix in time for the stretch release?
> 
> I'm planning to work on it this weekend... I'll let you know how it goes.

Please also prepare an update for jessie-security.

Cheers,
Moritz

Bug#863584: CVE-2017-2824

2017-06-01 Thread Dmitry Smirnov 
On Wednesday, 31 May 2017 10:57:01 PM AEST Moritz Mühlenhoff wrote:
> Dmitry, can you please upload a fix in time for the stretch release?

I'm planning to work on it this weekend... I'll let you know how it goes.

-- 
Best wishes,
 Dmitry Smirnov.

---

The more false we destroy the more room there will be for the true.
 -- Robert G. Ingersoll, 1902


signature.asc
Description: This is a digitally signed message part.

Bug#863584: CVE-2017-2824

2017-05-31 Thread Moritz Mühlenhoff 
On Mon, May 29, 2017 at 12:05:59PM +0300, Alexei Vladishev wrote:
> Hey all,
> 
> Upstream here. Both issues has already been fixed under 
> https://support.zabbix.com/browse/ZBX-12075 
> .

Dmitry, can you please upload a fix in time for the stretch release?

Cheers,
   Moritz

Bug#863584: CVE-2017-2824

2017-05-29 Thread Alexei Vladishev 
Hey all,

Upstream here. Both issues has already been fixed under 
https://support.zabbix.com/browse/ZBX-12075 
.

Kind regards,
Alexei

> On 28 May 2017, at 23:42, Moritz Muehlenhoff  wrote:
> 
> Source: zabbix
> Severity: grave
> Tags: security
> 
> Please see
> http://www.talosintelligence.com/reports/TALOS-2017-0325/
> http://www.talosintelligence.com/reports/TALOS-2017-0326/
> 
> Cheers,
>Moritz
> 
>

Bug#863584: CVE-2017-2824

2017-05-28 Thread Salvatore Bonaccorso 
Control: retitle zabbix: CVE-2017-2824 CVE-2017-2825

On Sun, May 28, 2017 at 10:42:47PM +0200, Moritz Muehlenhoff wrote:
> Source: zabbix
> Severity: grave
> Tags: security
> 
> Please see
> http://www.talosintelligence.com/reports/TALOS-2017-0325/
> http://www.talosintelligence.com/reports/TALOS-2017-0326/

The second one now leads to a 404, looks like TALOS report has a
whiespace suffixed in the URL,
https://www.talosintelligence.com/reports/TALOS-2017-0326%20/ should
work.

And looks the CVE was corrected as well (previously both referenced
CVE-2017-2824).

Regards,
Salvatore

Bug#863584: CVE-2017-2824

2017-05-28 Thread Moritz Muehlenhoff 
Source: zabbix
Severity: grave
Tags: security

Please see
http://www.talosintelligence.com/reports/TALOS-2017-0325/
http://www.talosintelligence.com/reports/TALOS-2017-0326/

Cheers,
Moritz